3 matches found
CVE-2022-39342 OpenFGA Authorization Bypass
OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users whose model has a relation defined as a tupleset the right hand side of a ‘from’ statement that involves anything other than a direct relationship...
CVE-2022-39342 OpenFGA Authorization Bypass
OpenFGA is an authorization/permission engine. Versions prior to version 0.2.4 are vulnerable to authorization bypass under certain conditions. Users whose model has a relation defined as a tupleset the right hand side of a ‘from’ statement that involves anything other than a direct relationship...
CVE-2022-39342
OpenFGA versions prior to 0.2.4 are vulnerable to an authorization bypass when a model defines a relation as a tupleset that involves anything other than a direct relationship (e.g., not just as self). Version 0.2.4 patches this issue. No exploitation details are provided in the sources. Remediat...